The (SDDC) was initially hailed as a way for organizations to improve agility, speed, and efficiency. And it certainly does all that. But today, CIOs are realizing that the SDDC—particularly, the network virtualization aspect of it—is an effective way to secure the enterprise.
Micro-segmentation: Network Virtualization Made Real
Micro-segmentation, or protecting the servers or workloads within the perimeter with their own security mechanisms, has long been a pie-in-the-sky suggestion for solving this problem. With physical servers and expensive physical firewalls, such a strategy, though theoretically feasible, was operationally and economically impractical (even absurdly so).
But all this changes with network virtualization. By virtualizing network hardware into an aggregate pool of resource capacity, enterprises can move to an increasingly fine-grained network segmentation strategy that encloses security controls—including, but not limited to virtual firewalls—down to the smallest units of virtual resources. With VMware NSX, for example, enterprises can protect individual VMs or even workloads within those VMs. If the bad guys permeate the perimeter, they are faced with a multitude of other, discrete, security mechanisms, each of them individually protecting a small but integral data center asset.
VMware NSX in particular offers a choice of three types of security for virtualized data center networks: fully isolated virtual networks; segmented virtual networks—using a fully automated firewall feature that is native to NSX; and segmentation that takes advantage of the security services offered by VMware partners such as Palo Alto Networks, Trend Micro, Symantec, and Rapid 7.
Management and Automation Key to Success
However, keep in mind that management—a critical pillar of the —is a key aspect of the network virtualization puzzle, and automation falls within that pillar. On a virtualized network, workloads can be dynamically added or shifted without human intervention. VMware’s approach to SDDC uses NSX to deliver automated provisioning, automated move/add/change for workloads, distributed enforcement at every virtual interface, and in-kernel, scale-out firewalling performance distributed to every hypervisor as an integrated feature of the product.
With all this, the operational costs of the firewalls are reduced dramatically, as you can instantiate the firewall in software, and tie all security policies to the smallest of workloads. And if the workload moves around in the data center, the security policies go with it Finally, you have protection for all workloads, even in a hybrid cloud environment.
Three Maturity Stages
VMware has identified capability stages for virtualizing the network and achieving network security through micro-segmentation:
Security is becoming the key driver of the and network virtualization in particular. In the very near future, a more secure data center will become the new normal, allowing CIOs to achieve one of their top desired IT outcomes with network virtualization: implementing security controls that are native to their data center infrastructure.
Discover more about .
Alice LaPlante has been writing about technology in national trade and business publications for more than 20 years.